Redirect All Trafic To Proxy Server in one LAN

kujtos · December 24, 2005, 11:06pm

Hi

I have one gateway with ip : 192.168.0.1 and this Box is connected To internet. - this line is: 128kbps
with this line i use routes for public ip addresses 254 Ip-s.

Also another box in IP: 192.168.0.2 with Squid proxy at port 8080. also this box is connected to internet - this line is 16Mbps Skydsl Downstream and 128 Upload.

Workstations Use their ip : 192.168.0.0/24 with gateway : 192.168.0.1 , and into Firefox i use proxy : 192.168.0.2:8080..

Please can anyone help me how to redirect all http traffic from 192.168.0.1:80 to 192.168.0.2:8080

Best regards,

proxy · December 24, 2005, 11:19pm

which version of MT are you using?

kujtos · December 24, 2005, 11:32pm

I’m Using 2.8 OS MT

kujtos · December 24, 2005, 11:37pm

I have foud the solution like this:

I have enable Proxy server in 192.168.0.1 and trough Transparent proxy i have connect to 192.168.0.2.

Now i Just nned a help How to redirect All traffic from 192.168.0.1:80 to 192.168.0.1:8080 and beacouse 192.168.0.1:8080 is connectet with transparent proxy of 192.168.0.2 i thin it will Work

Best regards,

cabana · December 25, 2005, 11:09am

Try

add in-interface=ether1 protocol=tcp dst-address=!192.168.0.1/32:80 action=redirect to-dst-port=8080

aser the manual

kujtos · December 25, 2005, 4:50pm

Thanks Man,

You have save me .

kujtos · December 26, 2005, 5:55pm

I have solved the problem For port 80

but fttp port dosent Work.

Is there any chanse to redirect trafic of FTP from MT to another host at port 2121.

Like i have write Up:

All trafic from 192.168.0.1 port 21 to redirect to 192.168.0.2 at port 2121 .

mag · December 26, 2005, 6:35pm

i guess one needs an application-proxy to handle this kind of redirection.
otherwise the answer from e.g. the ftp-server comes from an unexpected ip-address to the client and will be discarded.

Tonda · December 26, 2005, 9:30pm

I agree with MAG but I think you should also try to correctly set up firewall rules in order to allow incoming established and related connections, this should be some kind of substitute for application proxy. I am not sure about this, but you can try..

kujtos · December 26, 2005, 9:39pm

I think like this… I dont know does it work like this LOGIC

All protocol for port 80 from eth1 to be redirected to port: 8080 of eth1 at IP 192.168.0.2

And protocol for port 21 from eth1 to be redirected to port: 2121 of eth1 at IP 192.168.0.2

Does it can work like this..

Tonda · December 26, 2005, 9:44pm

I suppose at 192.168.0.2:8080 is some kind of webproxy running. What service is running at 192.168.0.2:2121? Imagine that soembody from your internal network tries to connect to FTP server X.X.X.X:21. First SYN packet comes to your Mikrotik, there you have some kind of dst-nat rule, which changes destination address of this packet to 192.168.0.2:2121 and that is all folks…You lost your original destination address.

cibernet · December 27, 2005, 12:55am

You must use parent proxy to work…

kujtos · December 27, 2005, 10:59am

At host: 192.168.0.2 i have Satellite Downstream of 16Mbit/s that work like this:

192.168.0.2:8080 have a proxy server
192.168.0.2:2121 is FTP proxy
192.168.0.2:1080 Socket

To use sattelite downstream i neded to write to all my hosts proxy for Firefox and IE. but sometime Some of the user change them and they are not satisfy with the speed my default gateway 192.168.0.1.

If its posible to Redirect all the trafic for ftp , www, and socket to 192.168.0.2 it will solve too many problems.

Tonda · December 27, 2005, 11:26am

Important question: why do you try to redirect client connections when http proxy and also FTP proxy is reachable directly in your internal network?

kujtos · December 27, 2005, 12:05pm

I need this beacouse In the Net caffe that is installed i have more than 60 Hosts, And in a Day we have more than 500 Customers.

Someone changes the proxy setting and after they finish their job do not put the proxy how it was.. And there are problems…

the cashier is allway in searching who have change the proxy and something like that

Tonda · December 27, 2005, 12:22pm

What operating system do you use in your client workstations? I think primary goal in this case is to prevent your customers to modify your workstation configuration…

cabana · December 27, 2005, 3:08pm

I agree with tonda, you should look at putting some sort of Cyber Cafe management software on your machines. That way you would have full control over what is going on

maroon · December 28, 2005, 9:24am

you have to redirect the http to the server with DVB box…

you should use the dst-nat and transparent proxy …

Regards,

philip · December 28, 2005, 1:15pm

In that case, you need something sound like system goback. Eash time your client finished use the pc, than restart it and system back to your original seting. So, the next user should be not problem to use the pc.
Is it a good ideal, better than searching all over the pc…

rgs

Tonda · December 28, 2005, 7:32pm

To kujtos:
You haven’t answered what operating system do you use. I am not able to recognize what answer is best for you.